Schneier on Security
JULY 24, 2023
Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
The Last Watchdog
JULY 24, 2023
Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 24, 2023
In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.
Security Affairs
JULY 24, 2023
Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day. The vulnerability, tracked as CVE-2023-38606, resides in the kernel and can be exploited to modify sensitive kernel state potentially.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Tech Republic Security
JULY 24, 2023
Assurances include watermarking, reporting about capabilities and risks, investing in safeguards to prevent bias and more.
The Hacker News
JULY 24, 2023
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
WIRED Threat Level
JULY 24, 2023
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
Tech Republic Security
JULY 24, 2023
In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.
Security Affairs
JULY 24, 2023
A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH ’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network.
Tech Republic Security
JULY 24, 2023
While the United Nations hashes out regulations, the UK’s ‘context-based’ approach is intended to spur innovation but may cause uncertainty in the industry.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
JULY 24, 2023
Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. “On the 5 th and 7 th of April, a threat actor leveraged the NPM platform to upload a couple of packag
Malwarebytes
JULY 24, 2023
Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. Updates are available for these products: Safari 16.6 macOS Big Sur and macOS Monterey iOS 16.6 and iPadOS 16.6 iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later iOS 15.7.8 and iPadOS 15.7.8 iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st gene
Security Affairs
JULY 24, 2023
Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day vulnerability in an unnamed third-party software. Local authorities launched an investigation into the attack that was reported by the Norwegian Security and Service Organization (DSS) to the National Security Authority (NSM).
Malwarebytes
JULY 24, 2023
If you want to tighten up your parents' home cybersecurity as much as possible, you've come to the right place. After all, you’re no doubt the family IT person, and first point of contact if trouble arises. Consider a Chromebook. If someone is looking for a new computer system for regular, non-demanding purposes, such as browsing, social media, and email, you can help with recommendations.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
JULY 24, 2023
As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to assess a whole new set of risks from a technology that is in its infancy. The post AI and the software supply chain: Application security just got a whole lot more complicated appeared first on Security Boulevard.
The Hacker News
JULY 24, 2023
Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.
Security Boulevard
JULY 24, 2023
Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G. The post ‘China’ Azure Breach: MUCH Worse Than Microsoft Said appeared first on Security Boulevard.
Bleeping Computer
JULY 24, 2023
Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main.com domains for the Microsoft 365 services. [.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Heimadal Security
JULY 24, 2023
Earlier this month, Microsoft and CISA disclosed a security incident and attributed it to the Chinese threat group Storm-0558. The threat actors stole a Microsoft consumer signing key, which was initially thought to have provided them with access to Exchange Online and Outlook.com. However, it seems like the incident has a broader scope than what […] The post Stolen Microsoft Key: The Impact Is Higher Than Expected appeared first on Heimdal Security Blog.
Security Boulevard
JULY 24, 2023
Google is rolling out a red team charged with testing the security of AI systems by running simulated but realistic attacks to uncover vulnerabilities or other weaknesses that could be exploited by cybercriminals. The post Google Launches Red Team to Secure AI Systems Against Attacks appeared first on Security Boulevard.
Bleeping Computer
JULY 24, 2023
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. [.
Security Boulevard
JULY 24, 2023
Security flaws in connected devices and the IoT are plaguing the digital landscape, impacting a broad range of industries. The post IoT Connected Devices Pose Significant Risk to Organizations appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JULY 24, 2023
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.
Security Boulevard
JULY 24, 2023
Machine learning-based fraud decision engines are sometimes viewed as mysterious black boxes that only provide minimal insight into why a decision was made on a login or a transaction. It’s a valid concern; not all fraud solution providers provide intuitive decision explainability. Some solutions fail to provide any transparency at all on the transactions they […] The post Lost transparency, blackbox ML, and other hidden risks of outsourced fraud solutions appeared first on Sift Blog.
Digital Guardian
JULY 24, 2023
Considering DLP? In this blog, we look at a handful of factors to consider when selecting a solution.
Security Boulevard
JULY 24, 2023
The average cost to an organization hit with a data breach reached a record high this year, though those companies are split on who they believe should foot the bill, according to a report released today by IBM. The post IBM: Cost of a Data Breach Hits Another High appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
JULY 24, 2023
Apple has released security updates to address zero-day vulnerabilities exploited in attacks targeting iPhones, Macs, and iPads. [.
Security Boulevard
JULY 24, 2023
Ransomware impacts more than seven in ten companies worldwide, and understanding how ransomware spreads is critical to finding solutions to stop it Ransomware is malicious software threat actors use to infiltrate a network. Cybercriminals design ransomware to block access to a computer system or encrypt data they find in an architecture they have infiltrated and.
The Hacker News
JULY 24, 2023
Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505 (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.
Security Boulevard
JULY 24, 2023
Zenbleed (CVE-2023-20593) was announced today. This is a vulnerability affecting AMD processors based on the Zen2 microarchitecture (certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop computers). The bug is a speculative execution bug, but somewhat different from the speculative execution side channel bugs we’ve seen in the past (eg, Meltdown.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
245 
Let's personalize your content